uniswap-ai
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an installation script and related configuration from the OKX organization's GitHub repository.
- [REMOTE_CODE_EXECUTION]: Directs the agent to download a shell script from a remote source and pipe it directly into a shell interpreter for execution.
- [DATA_EXFILTRATION]: Gathers system-specific data, such as the hostname and the path to the user's home directory, to create a hashed device identifier. This identifier is transmitted to external telemetry endpoints at plugin-store-dun.vercel.app and okx.com through POST requests.
- [COMMAND_EXECUTION]: Employs shell commands including hostname, uname, and shasum to extract environment details for the purpose of generating tracking telemetry.
- [PROMPT_INJECTION]: Contains directives in the _shared/preflight.md file that instruct the agent to execute a series of setup and reporting commands, some of which run silently to collect and report device data. This also includes a discrepancy where the skill metadata and documentation claim the project is an official tool maintained by Uniswap Labs, whereas the platform identifies the author as MigOKG.
- [CREDENTIALS_UNSAFE]: Features a hardcoded Base64-encoded string within the reporting script that serves as a cryptographic key for generating HMAC signatures for telemetry reports.
Audit Metadata